<?php

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#
#	FILE:			includes/custom/adminuserpassword.php
#	FUNCTION:		Custom handler for the Admin Change Password page
#	AUTHOR:			Cameron Morrow
#	CREATED:		09/09/2005
#
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# Check if form submitted
if (@$_POST["userid"]) {

	# Get user ID
	$user_id = $_POST["userid"];

	# Get new password
	$new_password = (@$_POST["newpassword"]) ? $_POST["newpassword"] : "";

	# Get new password confirmation
	$new_password_conf = (@$_POST["newpasswordconf"]) ? $_POST["newpasswordconf"] : "";

	# Strip bad chars
	$user_id = removeInvalidChars(strtolower($user_id), $VALID_CHAR_LIST["ids"]);
	$new_password = removeInvalidChars(strtolower($new_password), $VALID_CHAR_LIST["ids"]);
	$new_password_conf = removeInvalidChars(strtolower($new_password_conf), $VALID_CHAR_LIST["ids"]);

	# Check new passwords match
	if ($new_password == $new_password_conf) {

		# Check user exists
		$current_data = getRecord("SELECT u_password, u_login_name, u_email, u_fname, u_lname FROM " . $PROJECT_DB_TABLES["users"] . " WHERE u_id = '" . $user_id . "'");

		# If data found
		if (count($current_data) == 1) {

			# SQL
			$sql = "UPDATE " . $PROJECT_DB_TABLES["users"] . " SET u_password = '" . md5($new_password) . "' WHERE u_id = '" . $user_id . "' LIMIT 1";

			# Attempt to update
			if (executeSQLQuery($sql)) {

				# Message
				addMessage("<p>OK, new password has been set successfully.</p>");

				# See if emailing a confirmation email
				if (@$_POST["emailconf"]) {

					# Get user's email
					$email_to = $current_data[0]["u_email"];

					# Subject
					$email_subject = $PROJECT_TITLE . " - Your password has been changed";

					# If no custom message
					if (@!$EMAIL_CHANGE_MESSAGE) {
						$EMAIL_CHANGE_MESSAGE = "Dear [USERFNAME] [USERLNAME],\n\nYour password has been changed by an Administrator. Your new password is:\n\n[PASSWORD]\n\nNext time you log in, you should use this password.\n\nThank You,\n[ADMINFNAME] [ADMINLNAME]";
					}

					# Replace content with passed vars
					$email_content = str_replace(
						array(
							"[USERFNAME]",
							"[USERLNAME]",
							"[PASSWORD]",
							"[ADMINFNAME]",
							"[ADMINLNAME]",
							"[USERLOGINNAME]"
						),
						array(
							$current_data[0]["u_fname"],
							$current_data[0]["u_lname"],
							$new_password,
							$USER -> getFirstName(),
							$USER -> getLastName(),
							$current_data[0]["u_login_name"]
						),
						$EMAIL_CHANGE_MESSAGE);

					# Create Email
					$email = createEmail($PROJECT_EMAIL, $email_to, $email_subject);

					# Add content
					$email = addEmailBody($email, false, $email_content);

					# Send
					sendEmail($email);
				}

				# Log
				addLog($user_id . "|" . (@$_POST["emailconf"] ? "true" : "false"), 5);

			} else {
				addMessage("<p>An error occured and the user's password could not be updated. Please try updating again.</p>", 2);
			}

		} else {

			# Error
			addError("<p>Sorry, an error occured and data for <em>" . $user_id . "</em> could not be found.</p>", 2);
		}
	} else {

		# Message
		addMessage("<p>The new passwords do not match. Please enter them again.</p>", 3);
	}


} else {

	# Get details
	$user_id = (@$_GET["userid"]) ? $_GET["userid"] : false;
}

# Output
if ($user_id) {

	# Header
	$output = "<h2>Enter new password for <em>" . $user_id . "</em>:</h2>";

	# Create form
	$output .= "<form name=\"passwordform\" id=\"passwordform\" action=\"" . $PAGE_ID . ".php\" method=\"post\">";

	# Hidden value
	$output .= "<input type=\"hidden\" id=\"userid\" name=\"userid\" value=\"" . $user_id . "\" />";

	# Table
	$output .= "<table class=\"inputtable\" cellspacing=\"0\">";

	# New Password
	$output .= "<tr><td><label for=\"newpassword\">New Password:</label></td>" .
		"<td><input type=\"password\" name=\"newpassword\" id=\"newpassword\" value=\"\" /></td></tr>";

	# Confirm new password
	$output .= "<tr><td><label for=\"newpasswordconf\">Confirm New Password:</label></td>" .
		"<td><input type=\"password\" name=\"newpasswordconf\" id=\"newpasswordconf\" value=\"\" /></td></tr>";
	
	# Should user be emailed new password?
	$output .= "<tr><td colspan=\"2\"><input type=\"checkbox\" name=\"emailconf\" id=\"emailconf\" /> <label for=\"emailconf\">Email user this password?</label></td></tr>";

	# Submit
	$output .= "<tr><td colspan=\"2\" style=\"text-align: right;\"><input type=\"button\" onclick=\"closeWindow();\" value=\"Close\" /> <input class=\"savebutton\" type=\"submit\" value=\"Change Password\" /></td></tr>";

	# Close table
	$output .= "</table>";

	# End form
	$output .= "</form>";

	# Add Content
	addContent($output);

} else {

	addContent("<h2>Invalid Link</h2>");

	addContent("<p>Sorry, a username was not provided to the page. Looks like an error of some kind occured.</p>");
}

?>